The following is a list of basic steps needed to secure electronic devices, such as desktop
computers, laptop computers, tablets, smart phones, other mobile devices, and network printers. Additional steps may be important to implement depending upon the vendor
operating system, the applications that operate on the device, the information stored on the
device, and other factors. If your device is owned by UVa or has UVa data stored on it, you
should consult your department LSP or system administrator for additional guidance. The
website Health Systems Technology
Security also provides helpful guidance for those whose devices are managed by HSTS.

Setting up Smart Phones

All smart phones must be protected with a password of at least
four characters.

Configure your device to lock the screen automatically, after a brief period of about 10-15 minutes of inactivity, with password protection.

Setting up Desktop, Laptop, and Tablet Computers

Protect device with a strong login password

Learn what constitutes a strong password, create
ones you can remember, and never share your password with anyone. Note: If you have reason
to believe someone has learned one of your passwords, change it immediately.

Use a password protected screen saver

Configure your computer to lock the screen automatically, after a brief period of about
10-15 minutes of inactivity, with a password-protected screensaver. This enhances security and causes
you minimal inconvenience.

Turn off file sharing

To ensure other people cannot access your files and folders, you must disable file sharing.
In Windows XP uncheck the box "File and Printer Sharing" in the Properties of your wired
and wireless connections. In Windows Vista turn off File Sharing in the Network and Sharing Center.
If you purchased a Dell computer from the University, you will notice that file sharing is already disabled.
Macintosh computers disable file sharing by default.
UNIX/Linux operating systems need special attention
in this area.

Turn on firewalls

Firewalls can prevent hackers from making unwanted connections to your machine. The firewalls
on recent Windows and Macintosh operating systems are turned on by default. Make
sure, however, that you enable the firewall settings for the following operating systems:

Turn off or delete unneeded software features

The more software packages there are on a computer, the more opportunity for hackers. Uninstall
applications and turn off features you don't use.

Configure properly for multiple users

If multiple people use a computer, ensure that they each have their own user account.

Maintaining Desktop, Laptop, and Tablet Computers

Use up-to-date antivirus and antispyware software

Install FREE antivirus software (based on your operating system) on your computer, and schedule daily updates that will recognize new virus types as they emerge.

Enable the automatic
protection of all incoming files, and schedule weekly scans of your hard drive.

Install antispyware software on your computer, since antivirus protection is not enough. Download
the Microsoft antispyware software Windows
Defender If you are using Windows Vista or later, it comes pre-installed on your computer but may be turned off. Follow these steps to check.

Don't open files from unknown sources

Carefully judge the credibility and trustworthiness of the source of a file before opening
it. Email attachments and downloaded files are common sources for malicious programs. Bear
in mind that some viruses and worms can mimic the identity of a familiar email correspondent. If
you weren't expecting an attachment, you may want to contact the email sender to verify the
attachment before opening.

Keep your operating system up-to-date

Updates should be downloaded and installed immediately—many contain critical fixes
for security-related defects. Recent operating systems have automated the update process, though
you may be prompted to approve the process. If ITS PatchManagement
Service or HSTS Desktop Management
Service does not manage your updates, learn how to use your operating system auto-update feature.

Keep your application software updated

Delete data securely

Use secure data deletion to destroy files and
folders immediately and permanently in a secure manner. Find out more about Secure Deletion Shredder software and how to download it for FREE.

Backup

Create a backup of your entire system periodically, and back up critical data files whenever
you update them. The ITS Home Directory Service
provides adequate backup space for most people, but files consuming large amounts of space—video
or music—may require external disk drives to back them up adequately.

Use physical security

Protect your system from theft by physically securing your computer. Purchase a lockup
cable for your laptop to increase security in residence halls, libraries, and other places you may
take your computer, and a surge protector with a circuit breaker to protect against power line surges.
Verify that your system is covered under a homeowner's or renter's insurance policy.

Setting up Networked Printers

Use physical security

Physically secure the printer, as if it were a computer server.

Enable access controls

Change the administrator password on the https (web) login. On any printer that supports it, install a CA certificate and use it instead of a password for administrative access.
If available, use access lists to limit the users who can access the printer.

Limit network ports and protocols

Besides printing directly printing to a printer with an IP address on port 9100, other protocols
can be used for specific operating systems. These include:

These protocols are used to find printers on the network and send print jobs to them. These protocols
are rarely used, but are still available on most printers. They are vulnerable to attacks and should
be turned off.

Restrict management services

SNMP, telnet and https (web) are protocols used to manage printers. Telnet is rarely used on
older printers without web access. If https (web) access is available, telnet should be turned off.
SNMP is used for large organizations managing hundreds to thousands of devices, including printers.
SNMP should be turned off.

If there is a documented requirement for SNMP, the following guidelines should be followed
to prevent security vulnerabilities from being exploited:

Turn off version 1 and 2 of SNMP, and change the default SNMP read and write community strings.